Here's a fascinating document from Microsoft Research detailing work on
Singularity. It's a research OS written almost entirely in Sing#, an extension of C#: rather than relying on hardware memory protection, it isolates processes through verified, type-safe managed code, with dependability as the primary design goal.
SIPs are the OS processes on Singularity. All code outside the kernel executes in a SIP. SIPs differ from conventional operating system processes in a number of ways:
- SIPs are closed object spaces, not address spaces. Two Singularity processes cannot simultaneously access an object. Communications between processes transfers exclusive ownership of data.
- SIPs are closed code spaces. A process cannot dynamically load or generate code.
- SIPs do not rely on memory management hardware for isolation. Multiple SIPs can reside in a physical or virtual address space.
- Communications between SIPs is through bidirectional, strongly typed, higher-order channels. A channel specifies its communications protocol as well as the values transferred, and both aspects are verified.
- SIPs are inexpensive to create and communication between SIPs incurs low overhead. Low cost makes it practical to use SIPs as a fine-grain isolation and extension mechanism.
- SIPs are created and terminated by the operating system, so that on termination, a SIP’s resources can be efficiently reclaimed.
- SIPs execute independently, even to the extent of having different data layouts, run-time systems, and garbage collectors.
SIPs are not just used to encapsulate application extensions. Singularity uses a single mechanism for both protection and extensibility, instead of the conventional dual mechanisms of processes and dynamic code loading. As a consequence, Singularity needs only one error recovery model, one communication mechanism, one security policy, and one programming model, rather than the layers of partially redundant mechanisms and policies in current systems. A key experiment in Singularity is to construct an entire operating system using SIPs and demonstrate that the resulting system is more dependable than a conventional system.
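Two of the properties above, that a channel's protocol is verified and not just its message types, and that sending data transfers exclusive ownership of it, are what Sing# channel contracts give Singularity at compile time. As an added illustration (not code from the Singularity paper, the Sing# compiler, or Microsoft Research), here is the same idea expressed in Rust, where the type system can enforce both rules in ordinary user code: the protocol states are marker types on the endpoint (the "typestate" pattern), each operation consumes the endpoint and returns it in the next state, so sending twice without receiving a reply is a compile error, and the request buffer is moved into the channel, so the sender cannot touch it after sending. The request/reply protocol, the FNV-1a checksum used as the server's "work", and every name here are assumptions made for the example.

```rust
use std::marker::PhantomData;
use std::sync::mpsc::{channel, Receiver, Sender};
use std::thread;

// Wire messages. A Request carries a heap buffer that is *moved* into the
// channel: after the send the sender no longer holds it, which mirrors the
// SIP rule that communication transfers exclusive ownership of data.
enum Msg {
    Request(Vec<u8>),
    Reply(u64),
}

#[derive(Debug, PartialEq)]
enum ProtocolError {
    UnexpectedMessage, // wrong message kind for the current protocol state
    PeerGone,          // the other endpoint was dropped
}

// Protocol states as zero-sized marker types (hypothetical protocol for this example).
struct Idle;          // client may send a Request; server waits for one
struct AwaitingReply; // client must receive the Reply next
struct Busy;          // server owes the client a Reply

// The two ends of the channel, each tagged with the state it is currently in.
// Client<AwaitingReply> has no send method and Server<Busy> has no receive
// method, so protocol violations are rejected by the compiler, not at runtime.
struct Client<S> { tx: Sender<Msg>, rx: Receiver<Msg>, _s: PhantomData<S> }
struct Server<S> { tx: Sender<Msg>, rx: Receiver<Msg>, _s: PhantomData<S> }

fn new_channel() -> (Client<Idle>, Server<Idle>) {
    let (c2s_tx, c2s_rx) = channel();
    let (s2c_tx, s2c_rx) = channel();
    (
        Client { tx: c2s_tx, rx: s2c_rx, _s: PhantomData },
        Server { tx: s2c_tx, rx: c2s_rx, _s: PhantomData },
    )
}

impl Client<Idle> {
    // `self` is consumed, so the Idle endpoint ceases to exist; `buf` is moved,
    // so the caller cannot read or mutate it after the send.
    fn send_request(self, buf: Vec<u8>) -> Result<Client<AwaitingReply>, ProtocolError> {
        self.tx.send(Msg::Request(buf)).map_err(|_| ProtocolError::PeerGone)?;
        Ok(Client { tx: self.tx, rx: self.rx, _s: PhantomData })
    }
}

impl Client<AwaitingReply> {
    fn recv_reply(self) -> Result<(u64, Client<Idle>), ProtocolError> {
        let msg = self.rx.recv();
        match msg {
            Ok(Msg::Reply(v)) => Ok((v, Client { tx: self.tx, rx: self.rx, _s: PhantomData })),
            // The wire enum admits either variant, so the tag is still checked here;
            // with both ends typestate-checked this arm cannot be reached.
            Ok(_) => Err(ProtocolError::UnexpectedMessage),
            Err(_) => Err(ProtocolError::PeerGone),
        }
    }
}

impl Server<Idle> {
    fn recv_request(self) -> Result<(Vec<u8>, Server<Busy>), ProtocolError> {
        let msg = self.rx.recv();
        match msg {
            Ok(Msg::Request(buf)) => Ok((buf, Server { tx: self.tx, rx: self.rx, _s: PhantomData })),
            Ok(_) => Err(ProtocolError::UnexpectedMessage),
            Err(_) => Err(ProtocolError::PeerGone),
        }
    }
}

impl Server<Busy> {
    fn send_reply(self, v: u64) -> Result<Server<Idle>, ProtocolError> {
        self.tx.send(Msg::Reply(v)).map_err(|_| ProtocolError::PeerGone)?;
        Ok(Server { tx: self.tx, rx: self.rx, _s: PhantomData })
    }
}

// FNV-1a (64-bit), standing in for whatever work the server does on a request.
fn fnv1a(data: &[u8]) -> u64 {
    data.iter()
        .fold(0xcbf29ce484222325u64, |h, &b| (h ^ b as u64).wrapping_mul(0x100000001b3))
}

// Serve until the client hangs up; each iteration walks Idle -> Busy -> Idle.
fn serve(mut srv: Server<Idle>) {
    loop {
        let (buf, busy) = match srv.recv_request() {
            Ok(x) => x,
            Err(_) => return, // client dropped its endpoint
        };
        srv = match busy.send_reply(fnv1a(&buf)) {
            Ok(s) => s,
            Err(_) => return,
        };
    }
}

// Client side: send each constructed payload in turn and collect the replies.
fn run_session(payloads: Vec<Vec<u8>>) -> Result<Vec<u64>, ProtocolError> {
    let (mut client, server) = new_channel();
    let worker = thread::spawn(move || serve(server));
    let mut replies = Vec::with_capacity(payloads.len());
    for p in payloads {
        // `p` is moved into the channel here; using it after this line is a compile error.
        let waiting = client.send_request(p)?;
        // `waiting` has no send_request method: a second request before the
        // reply does not type-check, which is the protocol half of the contract.
        let (sum, idle) = waiting.recv_reply()?;
        replies.push(sum);
        client = idle;
    }
    drop(client); // hang up; the server's next recv_request fails and it exits
    worker.join().expect("server thread panicked");
    Ok(replies)
}

fn main() {
    // Constructed sample input.
    let replies = run_session(vec![b"hello".to_vec(), Vec::new(), vec![0u8; 4096]]).unwrap();
    for r in &replies {
        println!("{:016x}", r);
    }
}
```

The runtime checks on the message tag are only there because the wire enum is shared by both directions; the point of the pattern is that, as in a Sing# contract, the sequence of sends and receives is fixed by the types, and the only way to violate it is to bypass the typed endpoint altogether.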
Something to keep an eye on - this could be the type of approach needed to deliver modular OSes that run on hypervisors.
2 Comments:
Oh, look! They've invented the B5500! Or was that USCD Pascal? Or the LISP Machine?
None of the above, ssavitzky. If you actually read the paper, you'll see that Singularity relies heavily on compile-time checking of code that eventually runs native, which is very different from running bytecode. They've also extended checking to a semantic level way above what bytecode can do; check out the protocol-specification part of Sing# to understand what that means.
It's easy to be a smartass about an OS based on a dialect of C#, but it just looks tiresome when the incorrectness of the hasty underlying assumptions is pointed out.